Privacy Policy
Last updated: 14 March 2026. This policy applies to the Struktive platform operated by GeekSpeak Commerce.
1. Who we are
Struktive is a data normalisation platform operated by GeekSpeak Commerce. We provide tools that clean, classify, and score asset inventory data for data centre, mining, and MRO environments. Our registered contact for privacy matters is [email protected].
2. What data we collect
Account data. When you create an account we collect your name, email address, and a hashed password. If you sign in via Manus OAuth we receive only your name and email from the OAuth provider.
Uploaded files. You may upload CSV or Excel files containing asset inventory data. These files are processed to produce normalised output and are deleted from our servers within 24 hours of job completion. We do not retain your raw uploaded file.
Job records. We store the normalised results of each processing job, including asset records, quality scores, and export files. Free-tier job records are retained for 90 days. Paid job records are retained for 12 months. Compliance Audit Packs are retained for 12 months regardless of tier.
Usage data. We collect page views, feature interactions, and error logs for product improvement. This data is aggregated and not linked to individual users.
Payment data. Payment processing is handled by Stripe. We store only the Stripe customer ID and payment intent references. We never store card numbers, CVV codes, or full payment details.
3. Lawful basis for processing (GDPR)
| Processing activity | Lawful basis |
|---|---|
| Account creation and authentication | Contract — necessary to provide the service |
| Processing uploaded asset files | Contract — the core service you have requested |
| Storing normalised job results | Contract — to make results available to you |
| Sending transactional emails (verification, password reset) | Contract — necessary for account security |
| Sending payment receipts | Legal obligation — required for financial records |
| Usage analytics (aggregated) | Legitimate interests — product improvement |
| Compliance Audit Pack retention (12 months) | Legitimate interests — audit trail integrity |
4. How we use your data
- ·To provide the normalisation service you requested.
- ·To send transactional emails: account verification, password reset, job completion notifications, and payment receipts.
- ·To detect and prevent abuse, fraud, and security incidents.
- ·To improve the platform using aggregated, anonymised usage data.
- ·To comply with legal obligations.
We do not sell your data. We do not share your uploaded asset data with third parties, data brokers, or other Struktive customers. We do not use your uploaded data to train, fine-tune, or build datasets for any machine learning model.
5. Cookies
We use a single HttpOnly session cookie to maintain your login state. This cookie is cryptographically signed, has a 1-year expiry, and is required for the service to function. It is not used for advertising or tracking.
We do not use third-party advertising cookies, tracking pixels, or cross-site analytics. Our analytics are self-hosted and do not set cookies.
6. International data transfers
Our infrastructure is hosted on cloud providers operating in the United States. If you are located in the European Economic Area (EEA), your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) as the transfer mechanism for EEA data. Payment processing is handled by Stripe, Inc., which maintains its own GDPR compliance programme.
7. Your rights (GDPR / data subject rights)
If you are located in the EEA, UK, or another jurisdiction with applicable data protection law, you have the following rights:
| Right | How to exercise it |
|---|---|
| Access | Email [email protected] — we will respond within 30 days. |
| Rectification | Update your account details in Settings, or email us. |
| Erasure (right to be forgotten) | Delete your account in Settings, or email us. We confirm deletion within 5 business days. |
| Restriction of processing | Email [email protected] with your request. |
| Data portability | Export your job results at any time from the Job History page. |
| Objection | Email [email protected]. We will assess and respond within 30 days. |
| Withdraw consent | Where processing is based on consent, you may withdraw it at any time by emailing us. |
You also have the right to lodge a complaint with your local data protection authority. In the UK this is the ICO. In the EU, contact your national supervisory authority.
8. Data retention
| Data type | Retention period |
|---|---|
| Raw uploaded file | Deleted within 24 hours of job completion |
| Free-tier job records | 90 days from processing date |
| Paid job records | 12 months from processing date |
| Compliance Audit Packs | 12 months from generation date (fixed, cannot be shortened) |
| Account data | Until account deletion |
| Payment references (Stripe IDs) | 7 years (legal obligation) |
| Aggregated usage analytics | Indefinitely (anonymised, not linked to individuals) |
9. Security
We implement appropriate technical and organisational measures to protect your data. This includes TLS 1.2+ encryption in transit, AES-256 encryption at rest, bcrypt password hashing, rate limiting, and role-based access controls. For a full description of our technical security controls, see our Security page.
10. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where required by law, notify you by email. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions, requests, or complaints, contact us at [email protected]. We aim to respond within 5 business days.
Questions about this policy?
Email [email protected] — we respond within 5 business days.